Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cveQualcommCVE-2019-2281
HistoryJul 25, 2019 - 5:15 p.m.

CVE-2019-2281

2019-07-2517:15:12
qualcomm
web.nvd.nist.gov
30
cve-2019-2281
bitmap image
snapdragon compute
snapdragon connectivity
snapdragon consumer iot
snapdragon industrial iot
snapdragon mobile
snapdragon voice & music
nvd
vulnerability

CVSS2

4.6

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

7.8

Confidence

High

EPSS

0

Percentile

12.6%

JSON

An unauthenticated bitmap image can be loaded in to memory and subsequently cause execution of unverified code. in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in QCS405, QCS605, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SDA660, SDM630, SDM660, SDX24, SXR1130

Affected configurations

Nvd
Node
qualcommqcs405_firmwareMatch-
AND
qualcommqcs405Match-
Node
qualcommqcs605_firmwareMatch-
AND
qualcommqcs605Match-
Node
qualcommsd_636_firmwareMatch-
AND
qualcommsd_636Match-
Node
qualcommsd_665_firmwareMatch-
AND
qualcommsd_665Match-
Node
qualcommsd_675_firmwareMatch-
AND
qualcommsd_675Match-
Node
qualcommsd_712_firmwareMatch-
AND
qualcommsd_712Match-
Node
qualcommsd_710_firmwareMatch-
AND
qualcommsd_710Match-
Node
qualcommsd_670_firmwareMatch-
AND
qualcommsd_670Match-
Node
qualcommsd_730_firmwareMatch-
AND
qualcommsd_730Match-
Node
qualcommsd_820_firmwareMatch-
AND
qualcommsd_820Match-
Node
qualcommsd_835_firmwareMatch-
AND
qualcommsd_835Match-
Node
qualcommsd_845_firmwareMatch-
AND
qualcommsd_845Match-
Node
qualcommsd_850_firmwareMatch-
AND
qualcommsd_850Match-
Node
qualcommsd_855_firmwareMatch-
AND
qualcommsd_855Match-
Node
qualcommsd_8cx_firmwareMatch-
AND
qualcommsd_8cxMatch-
Node
qualcommsda660_firmwareMatch-
AND
qualcommsda660Match-
Node
qualcommsdm630_firmwareMatch-
AND
qualcommsdm630Match-
Node
qualcommsdm660_firmwareMatch-
AND
qualcommsdm660Match-
Node
qualcommsdx24_firmwareMatch-
AND
qualcommsdx24Match-
Node
qualcommsxr1130_firmwareMatch-
AND
qualcommsxr1130Match-
VendorProductVersionCPE
qualcommqcs405_firmware-cpe:2.3:o:qualcomm:qcs405_firmware:-:*:*:*:*:*:*:*
qualcommqcs405-cpe:2.3:h:qualcomm:qcs405:-:*:*:*:*:*:*:*
qualcommqcs605_firmware-cpe:2.3:o:qualcomm:qcs605_firmware:-:*:*:*:*:*:*:*
qualcommqcs605-cpe:2.3:h:qualcomm:qcs605:-:*:*:*:*:*:*:*
qualcommsd_636_firmware-cpe:2.3:o:qualcomm:sd_636_firmware:-:*:*:*:*:*:*:*
qualcommsd_636-cpe:2.3:h:qualcomm:sd_636:-:*:*:*:*:*:*:*
qualcommsd_665_firmware-cpe:2.3:o:qualcomm:sd_665_firmware:-:*:*:*:*:*:*:*
qualcommsd_665-cpe:2.3:h:qualcomm:sd_665:-:*:*:*:*:*:*:*
qualcommsd_675_firmware-cpe:2.3:o:qualcomm:sd_675_firmware:-:*:*:*:*:*:*:*
qualcommsd_675-cpe:2.3:h:qualcomm:sd_675:-:*:*:*:*:*:*:*
Rows per page:
1-10 of 401

CNA Affected

[
  {
    "product": "Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music",
    "vendor": "Qualcomm, Inc.",
    "versions": [
      {
        "status": "affected",
        "version": "QCS405, QCS605, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SDA660, SDM630, SDM660, SDX24, SXR1130"
      }
    ]
  }
]

Related

nvd 1
prion 1
cvelist 1
androidsecurity 1
nvd
nvd
CVE-2019-2281
2019-07-25 17:15:12
prion
prion
Code injection
2019-07-25 17:15:00
cvelist
cvelist
CVE-2019-2281
2019-07-25 16:33:18
androidsecurity
androidsecurity
Pixel Update Bulletinβ€”September 2019
2019-09-03 00:00:00

CVSS2

4.6

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

7.8

Confidence

High

EPSS

0

Percentile

12.6%

JSON
Related for CVE-2019-2281
nvd1prion1cvelist1androidsecurity1